|
Family: Gain a shell remotely --> Category: infos
SSH Insertion Attack Vulnerability Scan
Vulnerability Scan Summary Checks for the remote SSH version
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SSH server contains a cryptographical weakness which might allow
a third party to decrypt the traffic.
Description :
The remote host is running a version of SSH which is older than (or as old as)
version 1.2.23.
The remote version of this software is vulnerable to a known plain text attack,
which may allow a possible hacker to insert encrypted packets in the client - server
stream that will be deciphered by the server, thus allowing the attacker to
execute arbitrary commands on the remote server
Solution :
Upgrade to version 1.2.25 of SSH which solves this problem.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|